The FBI on Thursday threatened to raise the stakes in its legal battle with Apple, suggesting it could demand access to the iPhone’s source code and the electronic signature used to verify its software updates.
Battle Over Encryption
As part of the ongoing battle between the government and the tech industry over encryption in the United States, the FBI demanded Apple help it defeat the password security features on an iPhone 5C used by one of the San Bernardino shooters. Specifically, the FBI wants Apple to create a modified version of the iPhone operating software that would allow the FBI to run an unlimited number of brute force attacks against a phone’s password to gain access.
When Apple refused to assist voluntarily, the FBI went to court, where a U.S. Magistrate Judge cited the 1789 All Writs Act as legal justification to force Apple to comply. Apple is now appealing that court decision.
FBI Wants It All
But in a new court filing on Thursday, the FBI said that if it can’t require Apple to create the weakened software, it may demand access to Apple’s actual source code instead. Source code is the programming instructions that run the iPhone, and controls every aspect of the phone’s operation, including security protections.
The FBI also said it may demand Apple’s signature digital key, which is required to update software on all iPhones. That key is what allows Apple to push out updates with the assurance that only its software will be installed by a phone. With the digital key, the FBI would be able to push out malware and spyware of its own design to any Apple phone worldwide.
Basically, with the digital key, the FBI would be able to fool technology globally that it “was Apple.” The key is a very powerful tool, to either ensure security, or defeat it.
The Lavabit Case
The Apple case is not the first time the government has demanded encryption keys from private businesses.
In the wake of the Edward Snowden revelations, the government demanded the digital encryption keys used by a secure email service, Lavabit, alledgedly used by Snowden. Lavabit shut down its services in August 2013 to avoid being forced to compromise user data, with founder Ladar Levison saying at the time: “I would strongly recommend against anyone trusting their private data to a company with physical ties to the United States.”
Lavabit has filed an amicus brief in support of Apple.
The FBI’s Threat: Time to Get Scared
In the Apple case, if the FBI got access to those two items, the source code and the digital key, the Bureau could write a security-weakened version of iOS and install it on any phone they wished. The FBI’s threat was thinly-veiled:
The FBI itself cannot modify the software on Farook’s iPhone without access to the source code and Apple’s private electronic signature,” the agency wrote in its court filing. “The government did not seek to compel Apple to turn those over because it believed such a request would be less palatable to Apple. If Apple would prefer that course, however, that may provide an alternative that requires less labor by Apple programmers.
Time to get scared.
The government wants it all – not just your data, but the technical tools and code to control your devices and bypass any security and encryption you or the tech companies might employ. That would be the end of any Fourth Amendment protections left that apply to the digital world.
Peter Van Buren blew the whistle on State Department waste and mismanagement during Iraqi reconstruction in his first book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People. His latest book is Ghosts of Tom Joad: A Story of the #99 Percent. Reprinted from the his blog with permission.